mirror of
https://github.com/google/sandboxed-api.git
synced 2024-03-22 13:11:30 +08:00
Replace custom synchronization with absl::Notification
PiperOrigin-RevId: 248334969 Change-Id: I7614a3792babd399912c5d5a167ab5e0a0574d20
This commit is contained in:
parent
42761c8b72
commit
7294e9976e
|
@ -112,7 +112,6 @@ Monitor::Monitor(Executor* executor, Policy* policy, Notify* notify)
|
|||
policy_(policy),
|
||||
comms_(executor_->ipc()->comms()),
|
||||
ipc_(executor_->ipc()),
|
||||
setup_counter_(1),
|
||||
wait_for_execve_(executor->enable_sandboxing_pre_execve_) {
|
||||
std::string path =
|
||||
absl::GetFlag(FLAGS_sandbox2_danger_danger_permit_all_and_log);
|
||||
|
@ -141,19 +140,17 @@ void LogContainer(const std::vector<std::string>& container) {
|
|||
} // namespace
|
||||
|
||||
void Monitor::Run() {
|
||||
using DecrementCounter = decltype(setup_counter_);
|
||||
std::unique_ptr<DecrementCounter, void (*)(DecrementCounter*)>
|
||||
decrement_count{&setup_counter_, [](DecrementCounter* counter) {
|
||||
counter->DecrementCount();
|
||||
}};
|
||||
std::unique_ptr<absl::Notification, void (*)(absl::Notification*)>
|
||||
setup_notify{&setup_notification_, [](absl::Notification* notification) {
|
||||
notification->Notify();
|
||||
}};
|
||||
|
||||
struct MonitorCleanup {
|
||||
~MonitorCleanup() {
|
||||
getrusage(RUSAGE_THREAD, capture->result_.GetRUsageMonitor());
|
||||
capture->notify_->EventFinished(capture->result_);
|
||||
capture->ipc_->InternalCleanupFdMap();
|
||||
absl::MutexLock lock(&capture->done_mutex_);
|
||||
capture->done_.store(true, std::memory_order_release);
|
||||
capture->done_notification_.Notify();
|
||||
}
|
||||
Monitor* capture;
|
||||
} monitor_cleanup{this};
|
||||
|
@ -243,7 +240,7 @@ void Monitor::Run() {
|
|||
|
||||
// Tell the parent thread (Sandbox2 object) that we're done with the initial
|
||||
// set-up process of the sandboxee.
|
||||
decrement_count.reset();
|
||||
setup_notify.reset();
|
||||
|
||||
MainLoop(&sigtimedwait_sset);
|
||||
}
|
||||
|
|
|
@ -27,7 +27,7 @@
|
|||
#include <ctime>
|
||||
#include <memory>
|
||||
|
||||
#include "absl/synchronization/blocking_counter.h"
|
||||
#include "absl/synchronization/notification.h"
|
||||
#include "sandboxed_api/sandbox2/comms.h"
|
||||
#include "sandboxed_api/sandbox2/executor.h"
|
||||
#include "sandboxed_api/sandbox2/ipc.h"
|
||||
|
@ -60,7 +60,7 @@ class Monitor final {
|
|||
void Run();
|
||||
|
||||
// Getters for private fields.
|
||||
bool IsDone() const { return done_.load(std::memory_order_acquire); }
|
||||
bool IsDone() const { return done_notification_.HasBeenNotified(); }
|
||||
|
||||
// Getter/Setter for wait_for_execve_.
|
||||
bool IsActivelyMonitoring();
|
||||
|
@ -156,15 +156,14 @@ class Monitor final {
|
|||
// Parent (the Sandbox2 object) waits on it, until we either enable
|
||||
// monitoring of a process (sandboxee) successfully, or the setup process
|
||||
// fails.
|
||||
absl::BlockingCounter setup_counter_;
|
||||
absl::Notification setup_notification_;
|
||||
// The field indicates whether the sandboxing task has been completed (either
|
||||
// successfully or with error).
|
||||
absl::Notification done_notification_;
|
||||
|
||||
// The main tracked PID.
|
||||
pid_t pid_ = -1;
|
||||
|
||||
// The field indicates whether the sandboxing task has been completed (either
|
||||
// successfully or with error).
|
||||
std::atomic<bool> done_{false};
|
||||
absl::Mutex done_mutex_;
|
||||
// False iff external kill is requested
|
||||
std::atomic_flag external_kill_request_flag_;
|
||||
// False iff dump stack is requested
|
||||
|
|
|
@ -21,7 +21,6 @@
|
|||
#include <string>
|
||||
|
||||
#include "absl/memory/memory.h"
|
||||
#include "absl/synchronization/blocking_counter.h"
|
||||
#include "sandboxed_api/sandbox2/monitor.h"
|
||||
#include "sandboxed_api/sandbox2/result.h"
|
||||
#include "sandboxed_api/util/canonical_errors.h"
|
||||
|
@ -39,9 +38,8 @@ sapi::StatusOr<Result> Sandbox2::AwaitResultWithTimeout(
|
|||
CHECK(monitor_ != nullptr) << "Sandbox was not launched yet";
|
||||
CHECK(monitor_thread_ != nullptr) << "Sandbox was already waited on";
|
||||
|
||||
absl::MutexLock lock(&monitor_->done_mutex_);
|
||||
auto done = monitor_->done_mutex_.AwaitWithTimeout(
|
||||
absl::Condition(monitor_.get(), &Monitor::IsDone), timeout);
|
||||
auto done =
|
||||
monitor_->done_notification_.WaitForNotificationWithTimeout(timeout);
|
||||
if (!done) {
|
||||
return ::sapi::DeadlineExceededError(
|
||||
"Sandbox did not finish within timeout");
|
||||
|
@ -124,7 +122,7 @@ void Sandbox2::Launch() {
|
|||
// Wait for the Monitor to set-up the sandboxee correctly (or fail while
|
||||
// doing that). From here on, it is safe to use the IPC object for
|
||||
// non-sandbox-related data exchange.
|
||||
monitor_->setup_counter_.Wait();
|
||||
monitor_->setup_notification_.WaitForNotification();
|
||||
}
|
||||
|
||||
} // namespace sandbox2
|
||||
|
|
Loading…
Reference in New Issue
Block a user